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NTISSC 

NATIONAl. 

TELECOMMUNICATIONS 

AND 

INFORMATION SYSTEMS 

SECURITY 

COMMITTEE 


NTISSC 22-/1 
23 November 1984 


MEMORANDUM FOR THE MEMBERS AND OBSERVERS, NATIONAL 

TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY COMMITTEE 


SUBJECT: Representation on the NTISSC 's Permanent Subcommittee 
on Telecommunications Security 


1. The National Security Decision Directive (NSDD) Ntimber 
145 signed into effect 17 September 1984 by the President, provides 
for your representative's participation in the work of the 
permanent Subcommittee on Telecommunications Security (STS) . 

Your representative and designated alternate should have a TOP 
SECRET/SI/TK security clearance. 


National 


2 ^ The Executive Secretary of the STS is 

L telephone (301) 688-7355, mailing address : 

Security Agency, ATTN: Executive Secretary, NTISSC, Fort 
George G. Meade, MD, 20755-6000. Please provide him the name, 
mailing address, phone number (s) and security clearance of your 
representative and designated alternate not later than 
3 December 1984. 


3. The first meeting of the STS will be held on 

18 December 1984 from 0900-1200 hours, in the Director, DIA 
Conference Room, room 3E267, the Pentagon. Enclosed are the 
approved STS Charter and the agenda for the first STS meeting. 
Additional agenda items may be submitted to the STS secretariat 
prior to the 18 December meeting. 

4. The STS is charged to complete an evaluation of the 
status of telecommunications systems security by February 1985. 
Members should come to the meeting with a written character- 
ization (location and number of nodes, information supported, 
cost of operation, and type of encryption) of their major 
existing and planned networks which are now secure or are 
planned to be secured. 


5. The National Security Agency representative will 
provide to the STS an inventory of all cryptographic equipment, 
existing and planned, to include number, availability, cost, and 
operational burdens, such as, lack of automated key distribution 
and incompatibilities. 


DCl 

I EX;uC 
L - m n[;G 
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STAT 


riirr^nt^ NTISSC Secretariat will provide a report of all 

systems security policies 

prepaid STS representative should be 

the^’sTS a“d"Stter 

government committees to accomplish the task as given in NSDD- 

Pocrafr^ g 


Chairman , 

Subcommittee on Telecommunications Security 


2 Ends : 
a/s 
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AGENDA 
STS MEETING 

Chairman 


I . Opening Remarks 

II. Introduction of Members 

III. Determination of STS 

Responsibilities /Conflicts 

IV. Discussion of Agency Existing and 
Planned Communication Systems 

V. Cryptographic Equipment Available 
to include Key Distribution 

VI. Organizational Interfaces between 
Federal Government/Private Sector 

VII. Actions Assigned 

VIII. Report on Telecommunications 
Systems Security Policies 


Chairman 

All 

Transportation 

All 

MSA 

Commerce 

Chairman 

NTISSC 

Executive Secretary 
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NATIONAL TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY COMMITTEE 

CHARTER 
for the 

SUBCOMMITTEE ON TELECOMMUNICATIONS SECURITY 


Policy OH Telecommunications and Automated 
Directl^i security, (National Security Decision 

the authorizes and directs the establishment, under 

CoLuter(NT?ls??°Tf"^°^‘‘°"^ information Systems Security 
committee (NTISSC) , of a permanent Subcommittee on Telecom- 

NSDD-I45°2nd^thp^^^^ (STS). In accordance with the policies of 
NSDD 145 and the Governing Procedures of the NTISSC. this ChartPr 
spe^fies the organization, responsibilities, aJI mission of tte 


Under the cognizance of the STS and subject to the 
deliberations and actions of the STS include teleconmunications 

systems, secure record and data systems 
s?raLaic telecommunications systems, weapons and 

^ defense telecommunications systems, command and control 
suih systems, compromising emanations, and other 

aDorooriatP^ may be determined by the Subcommittee to be 

.Subcommittee also subsumes the responsibilities 

Subcolf?far Communications Security Commi??er 

Subcommittee on Compromising Emanations. 

Subcommittee shall be composed of one voting represen- 
alf-prna?^ orpnization represented on the NTISSC. One 

alternate for each principal STS representative shall be 

orii^^na?*^ Plenary powers in the absence of the 

a TOP IeCRET IlHrancef"®"' observers shall have 

Agencies and other government organizations 
committed to expeditious implementation of national telecommuni- 

^nd which are not represented oS SJ^ 
NTISSC, may be invited by the Chair, NTISSC to participate in STS 
activities. Each such organization may be represented o^thS ItI 
by an observer, who shall have all rights and ^ivulgerof 
representatives, except the right to vote. ^ 

3. The Chair of the STS shall be the Assistant Secretary, 
Electronic Systems and Information Technology, Department of the 
Treasury The NTISSC Secretariat also will s^rvl Js ?he 
secretariat to the STS. 
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4. The STS representatives should meet at least once per quarter 
each calendar year or more often at the call of the Chair or at 
the request of a majority of the representatives, but not less 

^ tentative agenda for each subsequent 
established by the STS Secretariat before the end 
of the last quarter of the current calendar year. 

following^^"^^”^*^*^ Subcommittee shall have as its procedures the 

a. The STS will reach decisions on matters within its 
cognizance by majority vote. The Chair shall vote in the event 
°^®s®"ting views, with supporting rationale, may be 
^ any. representative, brought to the attention of the 
NTISSC Secretariat, and forwarded to the full Committee. 

. Subjects for consideration by the STS may be referred to 

It by the NTISSC or by any STS representative or observer. The 

least annually specifically solicit issues 
from the STS representative for the forthcoming year. 

i-h/a eSe J^^a.^^air will publish an agenda and summary minutes of 
the STS and its subordinate bodies which shall be the official ' 
business. The agenda shall be provided 10 working days 
each meeting"'^^^^”^ minutes within 10 working days after 

^nch other procedures as may be required to conduct the 
chartered activities of the STS may be determined by the STS 
membership. 

*^5- STS is empowered to establish such permanent or temporary 
subordinate bodies as may be necessary to accomplish its 

the provisions of this Charter. Such 
bodies will establish their own procedures, but be established 
only for such definite term as the STS designates. 

7. The STS is responsible to the full NTISSC membership for, and 
reports to the NTISSC Chair on: ^ ' 

A » formulating and recommending, for approval 

and establishment by the NTISSC, specific operating policies, 
bjectives, and priorities, affecting matters under the 
cognizance of the STS, as may be required to achieve the broad 

security policies and objectives established 
y NSDD 145, or such guidance as may be subsequently issued by 
the Systems Security Steering Group. ^ 

b. Developing a program to work with the private sector in 
accordance with NSDD-145. 


2 
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c. Providing a forum for the interchange of information 
among NTISSC members on all aspects of telecommunications 
, security. - - 

status of telecommunications 

systems security with respect to established objectives and 
policies and submit that evaluation to the Chair, NTISSC 
Included in the evaluation will be information on the threat to 

exploitation of U.S. Government and government 
contractor telecommunications systems. 

telecommunications systems security guidance 
for NTISSC to provide to the departments and agencies of the 

refers to direction, decision, instruction 
advice which concerns telecommunications security standards 
criteria, equipments, and applications. ' 

f. Interacting with other permanent or temporary sub- 
committees of the NTISSC as necessary to combine, coordinate or 

security or protective measures 
where appropriate. This interaction shall take into 
consideration the differing levels of technology which may 
prevail among or between countermeasures systems. 

, . ^ status reports and identifying actions and 
subjects which require the attention of the NTISSC in support of 
promoting and expediting the implementation of telecommuni- 

fa^ throughout the government and, in so 

far as it impacts on the operations of related communications 
between industry, the government, and the private sector. 

Performing or carrying out other responsibilities 
NTISSC?^ ^ telecommunications security as may be directed by the 

8. The effective date of this Charter is 8 November 1984. The 
S^N^LIcf the STS will be reviewed annually by 
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I NTISSC 

MATtONAL 

TCLECOMMUNICATIONt 
. / tf AMO 

IMFCmMATION SVSTCMS 

SCCUWTV 

OOMMITTCE 


NTISSC 21/1 
21 November 1984 


MEMORANDUM FOR THE MEMBERS AND OBSERVERS, NATIONAL 

TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY 
COMMITTEE 

SUBJECT; Representation on the NTISSC 's Permanent Subcommittee 
on Automated Information Systems Security (SAISS) 


STAT 

STAT 


STAT 


liir National Security Decision Directive (NSDD) Number 

145 signed into effect 17 September 1984 by the President, 
provides for your representative's participation in the work of 
the permanent SAISS. Your representative and designated 
alternate should have a TOP SECRET/SI/TK security clearance. 

2 . 


The Executive Secretary of the SAISS is 

' n;,mo 688--7355. Please ensure that she has 

rne name, mailing address, phone number (s) and TOP SECRET/SI/TK 
security clearance not later than 30 November 1984. 

3. Enclosed are the operating procedures for the NTISSC 
and Its two permanent subcommittees as adopted at the first 

a proposed the 

SAISS has also been enclosed for your representatives review 
from^nQnn^??nn^J^^ SAISS meeting scheduled for 10 December 1984, 

Director, DIA Conference Room, room 
3E267, the Pentagon. In addition to the information requested 
above, comments/concurrence/additions to the proposed agenda 
topics should also be fo rward ed to the Executive Secretary by 
30 November 1984. | ^ ^mailing address is; National 
S curity Agency, ATTN; Executive Secretary, NTISSC Fort 
George G. Meade, MD, 20755-6000. JNiibbC, 

in «-hf*cA^ce‘^ representative should come prepared to participate 
in the SAISS action item and to discuss the coming year's 
proposed agenda. Notification of attendance by other than the 
representative or designated alternate shall be in writing lo 
the Executive Secretary and will stipulate that the attendant is 
empowered to cast a vote in the representative's behalf. 
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NTISSC 21/1 

5. I wish to take this opportunity to welcome in advance 

your representative to the SAISS Subcommittee and to participate 
in Subcommittee activities. participate 


STAT 


Regards . 


Cha^^man 

Subcommittee on Automated 
Information Systems Security 


2 Ends: 
a/s 
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STAT 


AGENDA 

SAISS MEETING 

Chairman 


I. Opening Remarks 

II. Introduction of Members 

III. SAISS Charter and Procedures 

IV. SAISS Initial Action Item 

Develop the first annual evaluation of the status 
of automated information systems security in the 
government (due to the NTISSC on 15 February 1985) 

V. Proposed SAISS Agenda Items 

A. Adopt a meeting schedule for the year 

B. Suggested topics for the year 

Develop a program to work with the private 
sector in accordance with NSDD 145 

Formulate specific operational policies 
for automated information systems security 
in the government 

Establish the direction and priorities for 
securing automated information systems 

a. Have current systems meet the 
requirements of the C2 rating lAW the 
Trusted Computer Systems Evaluation 
Criteria (TCSEC) 

b. By FY88 have many products of diverse 
size and type rated in the range of 
B3 to Al I AW the TCSEC 

c. Fund R&D efforts for "beyond-Al" 

' technology 

VI. Review of NTISSC Items 


1 . 

2 . 

3. 
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NTISS Directive No. 900 
Date: 8 November 1984 


GOVERNING PROCEDDRES 
of the 

NATIONAL TELECOMMUNICATIONS AND INFORMATION SYSTEMS 

SECURITY COMMITTEE 


Section I — Establishment and Purpose 

1. National Security Decision Directive (NSDD) 145, 
entitled "National Policy on Telecommunications and Automated 
Information Systems Security," dated September 17, 1984, 
establishes initial national objectives, policies, and 
an organizational structure to guide the conduct of national 
activities directed toward safeguarding systems which process or 
communicate sensitive information from hostile exploitation, 
establishes a mechanism for policy development, and assigns 
responsibilities for implementation. The Directive, Section 3, 
establishes a senior level steering group, an interagency group 
at the operating level, an executive agent, and a national 
manager to implement these objectives and policies. The 
National Telecommunications and Information Systems Security 
Committee (NTISSC) is established to operate under the direction 
of the Steering Group to consider technical matters and develop 
operating policies as necessary to implement the provisions of 
NSDD 145. 


2. The purpose of this National Telecommunications and 
Informations Systems Security Directive is to establish the 
operating procedures governing the NTISSC and subordinate bodies 
as well as delinate the interrelationships between and among the 
Committee and the Systems Security Steering Group, the Executive 
Agent, and the National Manager. NSDD— 145, Section 4, creates 
and specifies one of the responsibilities of the Systems 
Security Steering Group (the "Steering Group"), will be to 
monitor the activities of the operating level National 
Telecommunications and Information Systems Security Committee 
(the "Committee") and provide guidance for its activities. 

Section II - Membership and Officers 

1. The National Telecommunications and Information Systems 
Security Committee (NTISSC) shall be chaired by the Assistant 
Secretary of Defense for Command, Control, Communications and 
Intelligence, ASD(C3I), and be composed of voting 
representatives ) from the departments, agencies, or entities 
("organizations") of the Federal Government officers designated 
in NSDD 145, Section 5, and listed in this Directive as Appendix 
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2. Federal Government officers, listed in Appendix A, 
shall designate a "representative" to serve on and attend to 
Committee functions, meetings, or activities. Alternate 
representatives will be permitted provided that advance written 
notification be provided to the Chairman. This written 
notification must identify the alternate, state that the 
individual will be empowered to speak for the department or 
agency he/she is representing and indiate the appropriate 
security clearance. 

3. The Committee may make recommendations to the Steering 
Group on Committee membership. The Committee will also 
establish criteria and procedures for permanent observers from 
other departments or agencies affected by specific matters under 
deliberation. Qualified observers may attend Committee meetings 
and participate in Committee activities upon invitation of the 
Chair . 


4. All organizations represented on the Committee, or 
invited to participate, shall accredit in writing to the Chair, 
their representatives or observers for participation in the 
Committee . 


5. Personnel participating in the activities of the 
Committee, and subordinate bodies, shall possess, as a minimum, 
a TOP SECRET SI and TK security clearance. Written verification 
of security clearances shall be submitted to the Executive 
Secretary. 

Section III - Subordinate Bodies of the NTISSC 

1. The Committee shall have two permanent subordinate 

bodies: a Subcommittee on Telecommunications Security and a 

Subcommittee on Automated Information Systems Security. The 
subcommittees shall interact closely and any recommendations 
concerning implementation of protective measures shall combine 
and coordinate both areas as appropriate. The permanent 
subcommittees shall be comprised of representatives from the 
organizations which are represented on the Committee. 

2. The Committee may establish such other permanent and 
temporary subordinated bodies as necesary to discharge its 
activities and responsibilities. These bodies may be composed 
of representatives or other individuals as the Committee shall 
select, and must be established by majority vote of the 
Committee . 

3. Subordinate body procedures and specific 
responsibilities' shall be governed by separate charter. 


2 
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4. The Committee or the Chair, as appropriate, shall 
provide guidance to ensure the effective functioning of 
subordinate bodies. 

5. The Committee shall have a permanent Executive 
Secretariat composed of personnel of the National Security 
Agency and such other personnel from organizations represented 
on the Committee as are requested by the Chair. 

Section IV — Activities and Responsibilities 

1. The activities and responsibilities of the NTISSC are 
directed by NSDD-145. In order to execute these activities and 
responsibilities the NTISSC shall: 

a. develop, through attendance and participation in 
meetings or other activities specific operating policies, 
objectives, and priorities as may be required to implement NSDD- 
145. 


b. provide telecommunication and automated information 
systems security guidance to the departments and agencies of the 
government. 

c. submit annually to the Steering Group an evluation 
of the status of national telecommunications and automated 
information systems security with respect to established 
objectvies and priorities. Included in the evaluation will be 
Committee finding on the threat to and evidence of the 
exploitation of Government, and Government contractors 
telecommunications and automated information security systems. 

d. identify systems which handle sensitive, non- 
government information, the loss and exploitation of which could 
adversely affect the national security interest, for the purpose 
of encouraging, advising and, where appropriate, assisting the 
private sector in applying security measures. 

e. approve the release of sensitive systems technical 
security material, information, and techniques to foreign 
governments or international organizations with the concurrence 
of the Director of Central Intelligence for those activities 
which he manages. 

f. establish and maintain, a national system for 
promulgating the operating policies, directives, guidance, and 
disseminating advisory information which may be issued purusant 
to NSDD-145. The Executive Secretary will be responsible for 
maintaining the' NTISS issuance system in conformance with 
Appendix B. 
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g. establish permanent and temporary subcommittees as 
necessary to discharge the Committee responsibilities and 
monitor , provide guidance and direction to the subordinate 
bodies of the Committee. 

h. make recommendations to the Steering Group on 
Committee membership and establish criteria and procedures for 
permanent observers from other departments or agencies affected 
by specific matters under deliberation, who may attend meetings 
upon invitation of the Chairman. 

i. interact with the National Communications Systems 
Comittee of Principals established by Executive Order 12472 to 
ensure the coordinated execution of assigned responsibilities. 

2. The Committee representatives shall: 

a. be fully empowered to act on Committee matters on 
behalf of their respective organizations; 

b. serve as their organizations' point of contact for 
Committee and other matters related to the NTISSC; 

c. provide complete and timely staffing of Committee 
actions within their organizations; 

d. provide, through attendance and participation in 
Committee meetings, or other functions, their respective 
organizations' positions on matters before the Committee; 

e. serve as representatives to subordinate Committee 
bodies at the discretion of their organizations and provide 
guidance to other individuals from their organizations serving 
on subordinate bodies; 

f. provide reports, comments, or recommendations to 
the Committee, as required, through the Executive Secretary; 

g. ensure that their respective organizations are 
apprised of Committee matters and other activities related to 
the Committee. 

3. The Chair, in addition to the responsibility to keep 
the Executive Agent informed of significant current matters 
under consideration by the Committee, shall: 

a. convene, preside over, and adjourn Committee 

meetings ; 

b. receive from and distribute to the Committee 
reports, comments, and recommendations through the Executive 
Secretary; 
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c. endorse, sign, or otherwise certify actions of the 
Conunittee; and 

d. provide, through the Executive Secretary, the 
necessary support for Committee activities, including the timely 
dissemination of meeting announcements, proposed agendas, 
current membership rosters, and minutes of Committee meetings. 

4. The Executive Secretary shall: 

a. assist and provide support to the National Manager 
as Executive Secretary to the Systems Security Steering Group; 

b. provide administrative support to the Committee and 
maintain official records of Committee meetings and other 
activities, including the assignment of serials for documents 
submitted to the Committee for consideration; 

c. distribute correspondence to the Chair and 
representatives of the Committee, the Executive Agent, the 
National Manager, or other government organizations, as 
appropriate; 

d. establish and maintain a national system for 
promulgating the operating policies, directives, guidance, or 
other issuances, which may be required pursuant to NSDD-145 or 
as the Committee or the Chair so require; and 

e. maintain a current roster of the names and security 
clearances of all participants in the Committee and subordinate 
bodies, either permanent or temporary. 

5. The NSA shall provide facilities and support to the 
Executive Secretariat as required and other organizations 
represented on the Committee shall provide facilities and 
support as requested by the Chair, through the Executive 
Secretary. 


Section V - Meetings 

1. The Chair of the Committee shall not convene a meeting 
unless a quorum is present. A quorum shall constitute the 
presence of one more than one half of the representatives. 

2. The Committee shall meet at the call of the Chair or, 
upon request to the Chair by a majority of its representatives. 
The Committee should meet at least once each calendar quarter, 
however, a minimum of two Committee meetings shall be convened 
each calendar year. At the final meeting each calendar year, 
the Committee shall establish a tentative schedule of meetings 
for the forthcoming year. 
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3. Agenda items for Committee meetings will be submitted 
to the Chair through the Executive Secretary and all timely 
submitted agenda items shall be included on the agenda. All 
agenda items will be taken in the normal order of business of 
the meeting for which proposed, unless withdrawn by the sponsor 
or otherwise disposed of by vote of the representatives at the 
meeting The Executive Secretary shall distribute supporting 

agenda items for review by the membership prior to 
meetings provided that such material is submitted to the 
£.xecutive Secretary sufficiently in advance of the meeting. 

4. Subordinate bodies shall meet at the call of their 
respective Chairs or as established by Charter as necessary to 
accomplish assigned tasks. 

5. Except in emergency circumstances, notice of scheduled 
Committee meetings and proposed agendas shall be provided by the 
Executive Secretary ten calendar days prior to the meeting date. 

Additions to published agendas require approval by the meetina 
participants. ^ 

6. Minutes of all Committee meetings shall be prepared by 
the Executive Secretary and submitted to the representatives for 
review no later than ten calendar days following the meeting. 

The minutes shall, as a minimum, describe and record the vote on 
each decision made in the meeting. 

7. Minutes, summaries, or reports, as appropriate, of 
subordinate body meetings shall be prepared by the Chair of each 
subordinate body. Copies shall be provided to the Executive 
Secretary of the Committee no later than twenty calendar days 
following each meeting or the final meeting, as appropriate. 

Section VI - Voting 

All represented organizations shall have one vote each 
on matters before the Committee. The Chair shall vote in the 
event of a tie. All issues before the Committee will be 
decided, and recommendations and decisions made, by a majority 
vote of the representatives present and voting. Minority or 
dissenting views shall be recorded at the request of any 
representative . 

2. Voting may be conducted by mail, barring written 
objection from any representative, in which case the Chair may 
call a special meeting to conduct the vote. 

3. Representatives who are absent from a meeting may 
subsequently register, through the Executive Secretary, a formal 
position for the record with the Chair. Such action shall not 
affect the outcome of any formal vote. 
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4. ^ Observers to the Committee shall neither cast votes 
be considered in determining a quorum, 

5. Representatives shall neither promise nor cast proxv 

votes. ^ 


nor 


Section VII — Reporting Procedures 

The Chair shall forward to the Committee and or 
Steering Group decisions, recommendations, findings, and 
recorded minority or dissenting views. 


2. Committee representatives shall forward, through the 
Executive Secretary, to the Chair copies of such implementing 
issuances for their respective organizations as may be required 
by the promulgation of NTISS policies, directive, or 
instructions. 


3. Subordinate body reports and recommendations shall be 
submitted, through the Executive Secretary, to the Chair for 

The receipt of reports and recommendations 
by the Chair shall not signify approval. Following receipt by 
tne Chair, the reports and recommendations shall be reviewed 
formally approved or disapproved, and forwarded, as appropriate. 
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Appendix A 


National Telecomiaunications and Information Systems Security 

Committee Membership 

Chair 

In accordance with Section 5 of NSDD-145, the National 
Telecommunications and Information Systems Security Committee 
shall be chaired by the Assistant Secretary of Defense for 
Command, Control, Communications and Intelligence. 

Representatives 

Membership of the Committee shall be comprised of a voting 
representative of each of the following: 

Assistant to the President for National Security Affairs 

The Secretary of State 
The Secretary of the Treasury 
The Secretary of Defense 
Director, Office of Management and Budget 
The Attorney General 
The Secretary of Commerce 
The Secretary of Transportation 
The Secretary of Energy 
Director of Central Intelligence < 

Chairman, Joint Chiefs of Staff 
Director, National Security Agency 
Administrator, General Services Administration 
Director, Federal Bureau of Investigation 
Director, Federal Emergency Management Agency 
The Chief of Staff, United States Army 
The Chief of Naval Operations 
The Chief of Staff, United States Air Force 
Commandant, United States Marine Corps 
Director, Defense Intelligence Agency 
Manager, National Communications System 
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APPENDIX B 

NATIONAL TELECOMMUNICATIONS AND INFORMATION SYTEMS 
SECURITY (NTISS) ISSUANCE SYSTEM 


A National Telecommunications and Information Systems 
Security (NTISS) issuance system is established for purposes of 
promulgating objectives and policies, issuing directives and 

disseminating advisory information. As a minimum, 
the System shall include: 

1. NTISS Policies: May be issued by the Steering 
Group or the Committee through the respective Chair subsequent 
to approval by the members. Policy issuances reflect statements 
of national goals and objectives which are applicable to and 
binding upon the departments and agencies of the government 
NTISS policies shall be issued in the following series? 

001-099 General - applicable to telecommunications 

security (COMSEC) , information 
systems security (COMPUSEC) , and 
systems security countermeasures 
(TEMPEST) . 

100-199 COMSEC 
200-299 COMPUSEC 
300-399 TEMPEST 
400-499 Reserved 

2. NTISS Directives: These issuances are directive 
upon departments and agencies of the government and are 
promulpted by the Executive Agent, or the Chair when so 
delegated by the Executive Agent. Directives shall be 
coordinated among the represenatatives. Directives shall be 
numbered as follows: 


500-599 General 
600-699 COMSEC 
700-799 COMPUSEC 

800-899 TEMPEST 

\ 

900-999 Administrative 
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Instructions: These issuances provide 
instructional guidelines and establish technical criteria on 
specific security matters for implementation by Committee 

" "S'? respective organiLuons \hey 

binaing upon aeparmtents ana agencies of the government 

JS?aenner%esti} technical, or impllmln^a?!^^ 

quiceiines, restrictions, and procedures that are aenerallv 

automated^inforIil^i-°°"^‘^°*^ of telecommunications security and 

shaU be nimber™frL!!S;:s“'' activities. They 


1000-2999 

3000-4999 

5000-6999 

7000-8999 

9000-9999 


General 

COMSEC 

COMPUSEC 

TEMPEST 

Administrative 


Advisory and Information Memoranda: These 
generarLtSreL^?^'?? advice, assistance, or information of 
maf-forc applicable departments and agencies on 

sJJtlms secSrit5°rreh®ff°I!® automatea information 


GENERAL/1- (YR) — one-up series by year 
COMSEC/1- (YR) — one-up series by year 
COMPUSEC/1- (YR) — one-up series by year 
TEMPEST/1- (YR) — one-up series by year 


2 


Sanitized Copy Approved for Release 2010/05/21 : CIA-RDP97M00248R0005001 70024-2 


■ Sanitized Copy Approved for Release 2010/05/21 ; CIA-RDP97M00248R0005001 70024-2 


NATIONAL TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY COMMITTEE 

CHARTER 
for the 

SUBCOMMITTEE ON AUTOMATED INFORMATION SYSTEMS SECURITY 


The National Policy on Telecommunications and Automated 

(National Security Decision 
and directs the establishment, under 
the National Telecommunications and Information Systems Security 
Coi^ittee (NTISSC), of a permanent Subcommittee on Au^omate^ 
Information Systems Security (SAISS) . In accordance with tL 

NSDD-145 and the Governing Procedures of the NTISSC 
organization, responsii>ilitils!"JL^=' 

the 

information systems security and other such related areas as may 
be determined by the subcommittee to be appropriate. ^ 

shall be composed of one voting represen- 
alternatP°fnr^S^ organization represented on the NTISSC. One 
5 principal SAISS representative shall be 

plenary powers in the absence of the 

Lve a'^?o; sS'c?e«'an«: observers shall 

government organizations 
expditious implementation of national automated 
S ^ security policy, and which are not repre- 

sented on the NTISSC, may be invited by the Chair, NTISSC to 
participate in SAISS activities. Each such organization may be 

SAISS by an observer, who shall have all^ 
rights and privileges of representatives, except the right to 


3. The SAps Chair will be the Director, DoD Computer Security 
Center. The NTISSC Secretariat also will serve as the 
secretariat to the SAISS. 

4. The SAISS representatives should meet at least once per 
quarter each calendar year or more often at the call of the 
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Chair or at the request of a majority of the representatives, but 
not less than two times per year. A tentative agenda for each 
subsequent year shall be established by the Secretariat before 
the end of the last quarter of the current calendar year. 

The permanent subcommittee shall have as its procedures the 
following: 

a. The SAISS will reach decisions on matters within its 
cognizance by majority vote. The Chair shall vote in the event 

views, with supporting rationale, may be 
any representative, brought to the attention of the 
NTISSC Secretariat, and forwarded to the full Committee. 

4 .^ ?“^ 3 ects for consideration by the SAISS may be referred 

to It by the NTISSC or by any SAISS representative or observer. 

T e Secretariat will at least annually specifically solicit 
issues from the SAISS representatives for the forthcoming year. 

4 - 1 , will publish an agenda and summary minutes of 

tne SAISS and Its subordinate bodies which shall be the official 
record of business. The agenda shall be provided 10 working days 

before each meeting and the minutes within 10 working days after 
each meeting. 

d. Such other procedures as may be required to conduct the 
raembership^°^^'^^^^^^ SAISS may be determined by the SAISS 

6. The SAISS is empowered to establish such temporary 
subordinate bodies as may be necessary to accomplish its 
responsibilities under the provisions of this Charter. Such 
bodies will establish their own procedures, but be established 
only for such definite term as the SAISS designates. 

7. The SAISS is responsible to the full NTISSC membership for, 
and reports to the NTISSC Chair on; 

, f formulating and recommending, for approval 

and establishment by the NTISSC, specific operating policies, 
objectives, and priorities, affecting matters under the 
cognizance of the SAISS as may be required to achieve the broad 
automated information systems security policies and objectives 
established by NSDD-145, or such guidance as may be subsequently 
issued by the Systems Security Steering Group. ^ ^ 

b. Developing a program to work with the private sector in 
accordance with NSDD-145. 
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c. Providing a forum for the interchange of information 

orpnizations, their sub^dinates ^nf 
slcurity!^'^^'^^^' aspects of automated information systems 

d. Evaluating annually the status of automated information 
systems security with respect to established objectivefanr 

ana govetnaent 

Developing autoraatea information systems security 

NTISSC to proviae to the aepariments ana agencies of 
the government. Guiaanoe refers to aireotion, aeoision; 
instruction or aavice which concerns automatea information 
systems security standards, criteria, equipments, and 
applications. 

J*^t®J^3cting with other permanent or temporary 

Ifea^sforth ‘“e NTISSC as necessary to combine, Lorainate 
or advise on the implementation of security or protective 

measures where appropriate. This interaction sLll take into 
the differing levels of technology which may 
prevail among or between countermeasures systems. 

g. Providing status reports and identifvina ;»nHr,ne 
subjects which require the attention of the NTISSC in support of 
expediting the implementation of automated^^ 
information security programs throughout the government and 
insofar as it impacts on the exchange of clasIiaerorsensUive 
sector! " between industry, the government, and the private 

- b* Performing or carrying out other responsibilities 

8. The effective date of this Charter is 8 November 1984 The 

^be SAISS will be reviewed annu;iirby 
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NATIONAL TELECOMHONICATIONS AND INPORMATIOH SISTEMS SECDRITJf COMMITTEE 

CHARTER 
for the 

SUBCOMMITTEE ON TELECOMMUNICATIONS SECURITY 

n.u“cat!oni Sec^Uv fs?sr™?r"" Subcommittee on Telecom- 

delibe?atfoL''anra^UoSs^of'?he%?S x'nJlude lit 

IlIPpRi^gs^^ 

a TOP IeCRET llla^ncef"®^' and observers shall have 

c:tTon'helLli"Hi'S"'a?£L""“°""\^”"^“°-^ 

NTiqqr 11,^11^1? -t ^ which are not represented on the 

wiibbc, may be invited bv the Chair Mfroor’ a. • • . 

3;^islrve?:^rL^?l-haie-a1r:-^ts-S 

representatives, except the right to vote. ^ 

the Assistant Secretarv 

Treasury‘° ThrNTlsSc‘^Secf°t'"^^‘?" Technology, Department 'of the 
aecre^ariat to toe sjs! 
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representatives should meet at least once per auart^r 

each calendar.„.year. or.-more of ten~at -the call of the ChLr or at 

San"?2o^M ^ majority of the representativLrbuf noJ list 
yea? shall^bJ%??ah^®^^ 'a ? <'®''tative agenda for each subsequent 

following?™^"®"‘ shall have as Its procedures the 

a. The STS will reach decisions on matters within it<? 
cognizance by majority vote. The Chair shall vote in the event 

views, with supporting rationale, may be^ 

NTISSC LcLt??ia?^''anrf^^^''®; to the attention of the 

wiibbt, secretariat, and forwarded to the full Committee. 

u ^or consideration by the STS may be referred tn 

It by the NTISSC or by any STS represLtative or obsL^lr 

ftZ annually specifically soU^U ^^sue^ 

from the STS representative for the forthcoming year? 

the STS publish an agenda and summary minutes of 

K ^ subordinate bodies which shall be the official 
record of business. The agenda shall be provided 10 workina davs 

Lch meJJiJlg?®®*''''^ minutes within 10 working days Ifter 

subocSLS bcd!r:r:fy^be"nel“s«y=raS^^^ 

bldTri?li\"stabMuh%h“- this cS«er;'%uch 

only for such definite ter^ lrtK°l?s“d«ignates! 

reports to^the NTISSC^cSir *'on?^^ NTISSC membership for, and 

ana formulating and recommending, for aporoval 

NTISSC, specific operating ^l?cier 
bgectives, and priorities, affecting matters under the ' 

cognizance Of the STS, as may be required to achieve the broad 

security policies and objectives established 

i-ho c f- such guidance as may be subsequently issued bv 

the Systems Security Steering Group. ^ issued by 

b. Developing a program to work with the private sector in 
accordance with NSDD-145. ^ sector in 
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^ foruHi fot the interchange of information 
— . g . NTISSC members on all aspects of telecommunications 

security, 

_ Evaluating annually the status of telecommunications 

systems security with respect to established obje^iSefai^ 
submit that evaluation to the Chair, NTISSC. 

evaluation will be information on the threat to 
exploitation of U.S. Government and government 
contractor telecommunications systems. 

for Systems security guidance 

tor NTISSC to provide to the departments and agencies of the 

government. Guidance refers to direction, decisio^! instruction 

concerns telecommunications security standards 
criteria, equipments, and applications. ' 


f. Inte 
committees of 
advise on the 
where appropr 
consideration 
prevail among 


racting with other permanent or temporary sub- 
the NTISSC as necessary to combine, coordinate or 
implementation of security or protective measures 
late. This interaction shall take into 

levels of technology which may 
or between countermeasures systems. 


g. Providing status reports and identifying actions and 
subjects which require the attention of the NTISSC in suooort of 
cations”? and expediting the implementation of telecommuni- 
fa^ aS throughout the government and, in so 

hfLf ^ impacts on the operations of related communications 
between industry, the government, and the private sector. 

relat^Ao or carrying out other responsibilities 

NTISSC?^ telecommunications security as may be directed by the 

rhar^or V® . ^^is Charter is 8 November 1984. The 

thr^Lsc? the STS will be reviewed annually by 


Sanitized Copy Approved for Release 2010/05/21 : CIA-RDP97M00248R0005001 70024-2 


